Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <008901c2708e$53dfd480$391e10ac@dietpepsi> From: "David Monk" To: "Harig, Mark A." , "Len Giambrone" Cc: References: Subject: Re: sshd problems Date: Thu, 10 Oct 2002 13:53:27 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 From the default installation, then ssh-host-config perspective of this now, my /var/empty looked like this immediately following ssh-host-config: drwxrwxrwx 2 system system 0 Oct 10 13:18 /var/empty Well, the date was different, as I have deleted and recreated it manually a couple times trying to get this working. Changing it to what you show: drwxr-xr-x 2 system system 0 Oct 10 13:18 /var/empty gives the following, using a separate key to even get sshd to run: $ /usr/sbin/sshd -h /home/dmonk/ssh_host_rsa_key -d -d -d debug1: sshd version OpenSSH_3.4p1 debug3: Not a RSA1 key file /home/dmonk/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA Disabling protocol version 1. Could not load host key Bad owner or mode for /var/empty Looking through the archives shows there have been a lot of recent problems with sshd. My current question is, does anyone now have sshd running as a service, using privsep on Windows 2000 with an NTFS filesystem? I am beginning to wonder if it could be due to service pack 3. That was a recent update to this system. Unfortunately, I only use sshd on this system when I need to do things from home, so I can not pinpoint exactly when this issue appeared. David ----- Original Message ----- From: "Harig, Mark A." To: "David Monk" ; "Len Giambrone" Cc: Sent: Thursday, October 10, 2002 1:41 PM Subject: RE: sshd problems According to /usr/doc/Cygwin/openssh-3.4p1-5.README: >The new ssh-host-config script also adds the /var/empty directory >needed by privilege separation. When creating the /var/empty directory >by yourself, please note that in contrast to the README.privsep document >the owner sshould not be "root" but the user which is running sshd. So, >in the standard configuration this is SYSTEM. The ssh-host-config script >chowns /var/empty accordingly. In /usr/bin/ssh-host-config is the following code: ># Create /var/empty file used as chroot jail for privilege separation >if [ -f /var/empty ] >then > echo "Creating /var/empty failed\!" >else > mkdir -p /var/empty > # On NT change ownership of that dir to user "system" > if [ $_nt -gt 0 ] > then > chown system.system /var/empty > fi >fi For me, I have the following permissions: $ ls -ld /var/empty drwxr-xr-x 2 SYSTEM SYSTEM 0 Jul 24 11:39 /var/empty > -----Original Message----- > From: David Monk [mailto:david AT purplebear DOT net] > Sent: Thursday, October 10, 2002 2:31 PM > To: Len Giambrone > Cc: cygwin AT cygwin DOT com > Subject: Re: sshd problems > > > Generating a new key worked, as far as finding the key goes. Then it > presented me with a /var/empty ownership or permissions > issue. So, thinking > along the same lines, I chaned owner of that dir to myself. > Finally, sshd > runs. Not as a service unfortunately, but it does run. Also > unfortunately, I > can not log in under these circumstances. I get a password > prompt, but it > never accepts it. I can only guess this has something to do > with privlege > separation. > > Anyway, the main problem here, from the beginning of this > thread, is that > openssh was working fine, running as a service, using > privlege separation > until approx 2 weeks ago. The only thing I could have > possibly done to break > that was updating packages. So, somewhere, something in > cygwin changed. > Either specifically with the openssh package or with the some > other aspect, > but something has definitely changed. Again, this was working > beautifully I > know for absolute certainty 3 weeks ago, the server running > as a service via > cygrunsrv, utilizing the privlege separation. The only things > that have been > done to this system over the last few months has been regular > virus updates, > updates for Windows and cygwin updates. I have not messed with any > configuration files, nor have I changed any file permissions > within cygwin > of it's file tree to cause this. > > David (a huge amount of text deleted) -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/